What if I told you that there was a way to dramatically beef up security on all your online accounts in a matter of a few easy clicks? Say hello to Two Factor Authentication: eight syllables that are heard frequently in security spaces but sound like jargon to non-techy folks (myself included before I learned about Bitcoin).
Two Factor Authentication (2FA), also called 2-Step Verification, simply adds another layer of protection to your accounts by sending a second, one-time password from another device you control after you log in with your usual password. Most people are used to entering one password to access their accounts; this is one factor of security, and it can be easily guessed, especially if you use the same passwords for most accounts. The most common analogy is that your first password is like a standard lock on your door, while 2FA is like having an additional deadbolt that requires a different key to unlock.
While no one is immune from their accounts being compromised, many internet users may feel intimidated by some security best practices and opt to forgo protecting themselves altogether. I get it — learning good security practices can be a time suck and ain’t nobody got time for that. But if you’re not using 2FA, you are missing out on something that is easy for users at any level to implement and can protect your most valuable data.
Nearly half of all Americans had personal data (including credit cards, bank information, and physical addresses) released by hackers in 2014 and these are numbers from just the people and companies that were forthcoming about their breaches. These numbers do not appear to be going down any time soon because hackers are relentless and many people think it won’t happen to them.
Over 55% of internet users reuse passwords and these passwords are usually very basic so that people can remember them easily. The problem with memorable passwords is that they are easily guessed by the tools hackers use to gain access to your private information. If a hacker successfully gains full access to an internet service, they may compromise the passwords of all the users of that service. They can then attempt to use those passwords, or similar derivations, on other websites.
2FA drastically increases your level of security with a few simple clicks and is available for most services that require passwords from bitcoin wallets to email accounts to social media accounts. It’s very useful because if your first factor of security is breached — someone guesses your password — they still need access to a second password created from an app on a mobile device. Unless the hacker has access to the second device they will not be able to get the second password required to log in. In addition, the second password is a one-time, cryptographically secure, random number which cannot be “guessed” and only lives on the user’s device.
2FA can be found in the privacy settings sections for your accounts. One of the most vitally important accounts to enable 2FA on is your email. If you use Gmail the process is very easy; simply go into your privacy settings from your G+ profile, click My Account in the upper right hand corner, select Sign-in and Security, scroll down until you see a menu featuring 2-Step Verification, and click on that section. From there you will be prompted to add a phone number or download the app Google Authenticator. If you add your phone number, you will receive a text message with a code you can enter as the second password when you log in. Enabling 2FA via text message has the additional benefit of alerting you if someone tries to log in to your account although Google is particularly effective at alerting you anyway if someone attempts a login for your Gmail.
The process is similar if you download the Google Authenticator app — a password or code is generated that you can use as the second password. These codes have a time limit in which they can be used and will refresh after a few seconds. You can also opt to generate a list of codes that can be used when you log in.
The process is similar for other accounts and can easily be found in the privacy/security settings. It’s wise to enable 2FA on all accounts that may contain information you don’t want the rest of the world to know.
As I mentioned before you can add your phone to enable 2FA which will receive a text message with a code each time a login is attempted. You can also choose from a variety of authentication apps. I’ve used Authy and Google Authenticator successfully. Authentication apps will generate a time sensitive code that expires after about 30 seconds and then a new one is generated. This renders the code useless if somehow a hacker gains access to it. The code can only be used once which makes for a very high level of security.
Another important account to protect is your Bitcoin wallet for obvious reasons. With traditional 2FA, you have to download third party apps, and copy and paste codes. While simple enough for some users, at Airbitz we’ve made this process more streamlined and are the first mobile app to provide One Touch 2FA. One Touch 2FA is like Google Authenticator within the Airbitz app. The token is generated by the app and immediately pasted for use. The app works the same way as Google Authenticator without having to download a third party app and is totally private. In the video below you can see how the process works.
With how easy it is to implement 2FA, there’s no reason to not use it. While there are other layers of security that you can add to protect yourself, 2FA is one of the more user friendly. Security doesn’t have to be hard to use to be effective and if you value your most private information surely the few minutes it takes to set up is worth the days or months spent agonizing over a breach.